What you need to know
- A new phishing attack uses cloned Microsoft imagery to trick people into giving away their Office 365 login details.
- The attack imitates file share and audio notification emails from Microsoft Teams.
- The attack uses several URL redirects that take people to a convincing fake login page.
A new phishing attack was discovered toward the end of last week that aims to steal people's Office 365 login details. The attack used cloned imagery to send convincing emails that pretends to be Microsoft Teams notifications. Clicking on links within the emails goes through several URL redirects to cover up the attack and ends up on a realistic fake Office 365 login page. The page asks people to log in to their Office 365 account, but actually just steals people's login details. Abnormal Security first discovered and reported on the attack.
The phishing attack is particularly dangerous because millions of people are using Microsoft Teams for the first time due to the current global health crisis. With Microsoft Teams reaching 75 million daily active users recently, tens of millions of people are using the service for the first time. As a result, many people won't be familiar with what types of notifications the service sends out. Even if someone is familiar with Microsoft Teams, the phishing attack uses cloned imagery from Microsoft that is convincing.
Abnormal Security summarizes how convincing images and URL redirects create an effective attack:
The email and landing page the attackers created were convincing. The webpages and the links the email direct to are visually identical to legitimate Microsoft Teams and Microsoft login pages. Recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials.
On May 1, 2020, Abnormal Security reported that between 15,000 and 50,000 inboxes received emails as part of the phishing attack. Abnormal Security highlights that because Microsoft Teams is linked to Office 365, a successful phishing attack on a person's Microsoft Teams account could also grant access to people's Office 365 account. The firm states, "Additionally, since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user's Microsoft credentials via single-sign on."
To keep yourself protected, make sure the check the URL and source of emails and websites. For example, one attack comes from an email attache to "sharepointonline-irs.com." That website is not affiliated with Microsoft or the IRS. Some of the other URLs used look less convincing, but you should always keep an eye out when clicking on links as some might have URLs that seem reasonable.
Benchmarking the new Surface Book 3 15 with GTX 1660 Ti and 10th Gen i7
Although it's too early for a review, here are some initial benchmarks from the new Surface Book 3 15-inch with a Core i7 and NVIDIA GeForce 1660 Ti (Max-Q) and how it compares to Surface Book 2 and other premium laptops. Spoiler: While the CPU is just OK, that 1660 Ti definitely bumps up the Book 3's potential.
Review: Sabrent's Rocket Q SSDs are fast, well-priced and go up to 4TB
Sabrent has a new SSD range available in the form of the Rocket Q. These new NVMe SSDs use QLC NAND, but offer impressive speeds and storage capacities at affordable prices. Check our full review to see how they compare against other SSDs.
Review: How do I go back to Wi-Fi 5 after using TP-Link's Archer AX6000?
TP-Link's Archer AX6000 is an 802.11ax router designed to take your network into the future. However, it might not be exactly what you're looking for due to its high-end specs and relatively high price. We explain in this review.
Make the most of your Surface Pen and Slim Pen with these awesome apps
To really maximize the ability of the Surface Pen and Slim Pen, there are some essential apps you should check out. We've rounded up the best right here for a variety of purposes.